Aggregator

Currently trending CVE - Hype Score: 16 - The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes ...

Currently trending CVE - Hype Score: 1

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.

¡Aloh! ¿Qué tal va todo? Soy eldeim, ese es mi nombre hacksor, pero me llamo Dani. Hace unas semanas decidí...

Alleged Sale of 1 Million Personal Records From the United Kingdom

Данные о древних жителях юга Африки подталкивают ученых к более сложной, мозаичной модели происхождения Homo sapiens.

A vulnerability classified as problematic has been found in Samsung Galaxy Store for Galaxy Watch on Android. The impacted element is an unknown function. Performing manipulation results in improper export of android application components. This vulnerability is identified as CVE-2025-58483. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. The impacted element is an unknown function of the component USB Device Handler. Executing manipulation can lead to authentication bypass by spoofing. This vulnerability is handled as CVE-2025-59699. The physical device can be targeted for the attack. There is not any exploit available.

A vulnerability categorized as critical has been discovered in ObjectPlanet Opinio 7.26 rev12562. This affects an unknown function of the component Import Handler. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-13872. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in ObjectPlanet Opinio 7.26 rev12562. This impacts an unknown function. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-13871. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in ObjectPlanet Opinio 7.26 rev12562. Affected is an unknown function of the component survey-import. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-13873. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Samsung MotionPhoto up to 4.1.50. It has been rated as critical. Affected by this issue is some unknown functionality. Performing manipulation results in improper access controls. This vulnerability is known as CVE-2025-58481. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Cacti up to 1.2.28. This affects an unknown part of the component SNMP Handler. Such manipulation leads to command injection. This vulnerability is traded as CVE-2025-66399. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to 3.3.2 on WordPress. This vulnerability affects the function eh_crm_edit_agent. Executing manipulation can lead to missing authorization. This vulnerability is tracked as CVE-2025-13534. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in KaTeX up to 0.16.9. The impacted element is an unknown function of the component Mathematical Expression Handler. Executing manipulation can lead to uncontrolled recursion. This vulnerability is tracked as CVE-2024-28243. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...]

A new wave of client-side attacks bypasses enterprise defenses.